General
-
Target
7ddd22e8dd26436cade10fc9488b0239f2db65589eb486ed551e30569ea5bdc7
-
Size
10.8MB
-
Sample
220606-xvrrdsbab4
-
MD5
4b4802c89976506b504b279dd3d58c89
-
SHA1
2652b1943e3580254b59617b8d6a1cae361d3bd1
-
SHA256
7ddd22e8dd26436cade10fc9488b0239f2db65589eb486ed551e30569ea5bdc7
-
SHA512
0d5d41af269d083d8fb532a9bed8bb16a0d4d113c4faf7520fea1237b5cea6cddbda4a1f484450a96e11b0ad8c5290a7a15c03326df335335f95a6ff4723554e
Static task
static1
Behavioral task
behavioral1
Sample
7ddd22e8dd26436cade10fc9488b0239f2db65589eb486ed551e30569ea5bdc7.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
7ddd22e8dd26436cade10fc9488b0239f2db65589eb486ed551e30569ea5bdc7.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
-
-
Target
7ddd22e8dd26436cade10fc9488b0239f2db65589eb486ed551e30569ea5bdc7
Score
10/10
-
Creates new service(s)
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-